A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/rancher/norman(Go) | 0 | 0.0.0-20240207153100-3bb70b772b52 | N/A |
CVSS Metrics
